Basic authentication is one of the simplest methods of providing credentials to access resources. Today I’m going to take a look at it and provide you with an example of a web page utilizing this mechanism written with PHP and Apache. How does basic authentication work? On request to a protected resource, the server sends […]
Category: /bin/more
Make use of htop
Or how to look cooler with htop Htop is a popular command-line tool for monitoring processes. It has some features that seem to be rarely used but could help you with process management or at least make your terminal look cooler. Help If you’ve ever wondered what do those weird colors on CPU and memory […]
How is blacksheephacks.pl attacked?
Since the very beginning of the existence of this service I was sure that people visiting me would sooner or later start attacking me. Maybe not with helicopters like in the image but in a more intangible way. I’ve also said that I’m OK with it as long as responsible disclosure is used and I’m even […]
Issues with JWT
I hoped this would never happen, but here we go. I have problems with managing to deliver an article for Wednesday not because I have so little time, but because I have no idea for an article. I’ve fooled around a little bit with network recon labs on Pentester Academy, I’ve fooled around with Python imports, […]
A Very Different Hello World
How to write shellcode in assembly to display “Hello, world?” After last week when I barely had time to scratch my head and I had to transfer my fiancee’s website to a different hosting (and finally learn something about how the DNS system works) I am back to coding for myself. I decided […]
CSRF Protection – Part 2
Before I begin, I owe you an apology. In the previous part I said that I would like to describe the CSRF protection mechanism, but when I got down to coding, I thought that this would be rather tedious and uninteresting. If you want to see how it works, just go to Flask’s WTF forms extension […]
CSRF protection – part 1.
CSRF – Cross Site Request Forgery is an attack in which the user performs unauthorized actions on a web page they are signed in to. In this article I will describe the theory behind it and in the next part (available here), I’ll give you some code to fool around with. What is the problem? Imagine […]
First steps with radare2
OK I might not be going to make math at all, not because my last experience with chemistry was about 6-7 years ago in my high school. After all I like command-line tools after having Linux as my primary driver for some time (and maybe again in near future ;)), however, my relationship with VIM […]
Second Factor Authentication – Short Comparison
Since I’ve reviewed password storing possibilities in my recent blog posts (part 1 and 2), it’s time to ask the question: can we do better? What Risks Are Left? First of all the user might be using a weak, guessable password. Something like their name, strings like “123456”. Sometimes this might be backed up by meaningless […]
Simple assembly program on MacOS
While going through the shellcoding course on Pentester Academy I thought I would like to check what the code in the course would look like on MacOS. On Linux this was pretty straightforward: Set one syscall (mov rax, 1), to write to standard output (mov rdi, 1), enter hello_world string, enter its length, call, set another […]